Added support to directly connect also to Microsoft SQL Server database.

Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2025-12-07 13:11:29 +00:00 · 2010-03-31 10:50:47 +00:00
parent d583cc07e7
commit 5fdebb5d5b
22 changed files with 205 additions and 223 deletions
--- a/plugins/dbms/mysql/connector.py
+++ b/plugins/dbms/mysql/connector.py
@@ -47,10 +47,7 @@ class Connector(GenericConnector):
    def __init__(self):
        GenericConnector.__init__(self)

-    def connect(self, reuse=True):
-        if reuse and self.connector:
-            return
-
+    def connect(self):
        self.initConnection()

        try:
@@ -83,11 +80,3 @@ class Connector(GenericConnector):
    def select(self, query):
        self.execute(query)
        return self.fetchall()
-
-    def setCursor(self):
-        self.cursor = self.connector.cursor()
-
-    def close(self):
-        self.cursor.close()
-        self.connector.close()
-        self.closed()
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -154,9 +154,6 @@ class Fingerprint(GenericFingerprint):
        * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
        """

-        infoMsg = "testing MySQL"
-        logger.info(infoMsg)
-
        if conf.dbms in MYSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
            setDbms("MySQL %s" % kb.dbmsVersion[0])

@@ -168,6 +165,9 @@ class Fingerprint(GenericFingerprint):
            if not conf.extensiveFp:
                return True

+        infoMsg = "testing MySQL"
+        logger.info(infoMsg)
+
        randInt = str(randomInt(1))
        payload = agent.fullPayload(" AND CONNECTION_ID()=CONNECTION_ID()")
        result  = Request.queryPage(payload)